Imperva Application Security Platform Reviews

We are using this solution for web application firewall protection for the website and web application. I'm a user of this product and work as an information systems security manager. 

I'm very happy with the solution. The most valuable aspect of it is that it blocks all types of attacks.

I think the product could be improved by reducing the price. It would help if they came up with pricing options because as it is now if you're a big company and use the site often, it's more expensive. 

I've been using this solution for almost four years. 

Stability and scalability are fine. 

I don't use the technical support, but my colleagues do and they haven't mentioned any problems. 

I would rate this solution a nine out of 10. 

We are using the solution as a WAF. Beyond that, I can't divulge too much information about the details surrounding how we use the solution as part of a confidentiality agreement we're under with clients.

The solution's most valuable aspect is that it is easy to configure. 

The solution keeps itself up to date itself and there's no customization that we need to do. It makes it extremely easy and cut back on the amount of work required, and saves us on man-hours.

The initial setup is fairly easy.

The log analytics interface within Incapsula isn't really good. For example, if you have to get all logs from there, it's a very cumbersome process.

The solution doesn't seem to come with any other additional features. There are other products in the market today that give you an overall network perimeter protection. Incapsula is good for what it is, but it can expand its horizon a lot if it decides to include more network perimeter protection features and capabilities. It needs items, for example, at endpoints and some sort of firewall that can work at multiple levels. Items of that nature will really bump up the security and make it a much better product.

We've been using the solution for a while now. It's been about three or four years at least.

The solution is fairly stable. I don't think we've had to deal with crashes of the system. There aren't bugs and glitches. We find it to be reliable.

We haven't had any issues with the scalability the solution provides. If a company needs to scale this product they can do so pretty easily.

I've never contacted technical support, and I'm unsure if anyone on my team has, either. I wouldn't be able to speak to the quality of service they provide.

The initial setup was not complex at all. It was pretty straightforward.

The deployment of the solution, which included the design phase of the process, took a few months to complete.

We have our own in-house team that handles any maintenance that needs to happen on an ongoing basis.

We're simply a customer. We don't have a business relationship with the company at this time. We use the product ourselves. We aren't resellers or integrators.

I'd advise other companies, based on the scale of the organization and complexity, that if one has to choose a product, a company cannot choose a product from someone else's say so. It would depend on how complex their network design is. If it's fairly simple, then there's only one thing they need there. Multiple layers mean that this solution may not be the right product. A company has to do the research to find out if there are other products that are offering more of what they want, according to their unique requirements.

I'd rate the solution eight out of ten. If the solution was a bit more complete, and offered, for example, perimeter protection, I would give it higher marks.

We are a solution provider and Imperva is one of the products that we implement for our clients. They use it as an application firewall.

If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency. This is better than the competitors.

Imperva SecureSphere integrates well with other tools.

The user interface could be better.

I have been working with Imperva SecureSphere for about four years.

Imperva solutions are the best in terms of stability.

I have not faced any trouble with scalability because you can easily upgrade the appliance. 

I am regularly in contact with Imperva support and I am satisfied with them.

The initial setup is very basic and really easy to do. I wouldn't say that everybody, such as non-technical, people can do the setup and configuration. However, people with a mid-level of experience in application firewalls can do it easily.

The price of this solution is a little bit high compared to competitors.

My advice to anybody who is considering this solution is that if they want a stable product with good scalability then they can choose Imperva. The price is a little bit higher than that of the competitors, which largely impacts whether customers choose Imperva. In fact, if you don't care about budget then Imperva is the only solution for an application firewall.

My only complaint is that the user interface could be better.

I would rate this solution a nine out of ten.

The most valuable features for us are the DDoS and Bot.

I would like to have support for SSL management and secure DNS.

We have been using Imperva for more than a year.

We have had no problems with stability.

Imperva is a scalable solution. We have about 20 users but it's protecting our main website.

I would say that technical support is average.

We did not use another similar solution prior to Imperva.

The initial setup was simple. It took about two hours to deploy.

The cost is on par with other solutions such as Cloudflare and Akamai. There's not much difference in it.

I would rate this solution a seven out of ten.

Incapsula was acquired by Imperva. We had a need to provide a solution for our clients and the Incapsula solution and Cloud WAF (Web Application Firewall) allowed us to have people subscribe to Incapsula as a service. It was easy to work with because we would just put in the hostname and the IP address of the websites in Incapsula's DNS. When the DNS is resolved it first passes through Incapsula and makes a stops in the Cloud WAF before it sends the website itself.  

Customers can trust it because the traffic going to the customer passes through Incapsula's cloud service. So if there is an attack, the website and the visitors are protected because it will take care of such issues and it eliminates the bad traffic. Both ends are taken care of so the website is protected from hackers because it first goes through the Incapsula Cloud WAF. That is the basic high-level architecture of how the Incapsula works.  

We distributors of Imperva in Africa. I am responsible for our business presence in Eastern and Western Africa. I am fixed locally here in Nigeria. Being distributors, we have a pretty good idea of how the market is in general and how the products are used. All the partners who implement it and who resell sell it, buy it from us and deploy for customer accounts. We cover a high percentage of the financial service industry here in Nigeria.  

For this part of the world, several things are important. It is important that the clients have the features which they get to use to get against bad traffic, of course as this is the reason for the product. But especially for customers in this region, it is also the opportunity to use the service platform. They do not have to own it or maintain it and they may not otherwise have the capacity to deploy this type of solution. Instead, they can pay for it as a service. It works so well here that even some of the banks are using it.  

The most valuable feature is the ability to mitigate bad traffic. I think the highest traffic we would experience can be handled by the Incapsula Cloud WAF because it can scale. So if there is some attack on a website and there is high volume, instead of it disrupting the website and disrupting business operations, it is not a problem for the customer's website. That ability to mitigate problems with the traffic is why the clients use the product to protect their valuable data and customer interactions.  

If I had the opportunity to recommend an enhancement to Imperva it would be to have more POP (Point of Presence) in East and West Africa, and in Central Africa as well. There is only one POP in South Africa. There are other ones are in Europe, America, and Asia and sometimes the latency can be an issue because for your traffic to hit the website — say in East Africa. First, it has to first go to the nearest point of presence. Because of the distance, there can be some problems. So if they have a POP closer to manage customers around Africa this could be a better service to clients.  

I have only recently begun to use Imperva Incapsula compared to the amount of time I have been in the industry. For more than a decade and I have tried my hands on various security solutions, mainly having to do with network infrastructure.  But now I am back to working with security solutions and, over this past year, I have engaged mostly with applications in data security. Before that, I was doing a lot more with the whole of network security. Incapsula is more of an application for data security and it is something which Imperva does pretty well.  

The stability is not an issue. The product is serviced and maintained for the client.  

Virtually all the banks in Nigeria, Ghana, East, and West Africa, are using Imperva. Of course, they are using it for various things, but for the most part, they use it for data security and application security and then also a little bit on the Incapsula platform.  

The scalability depends on the customer but there are really no features that a client will want to request that Imperva does not handle in terms of scalability. Of course, you cannot compare the size of the banks and the input and output demands of banking in Western European countries or the Americas with the needs of banking in Africa.  

For us, it is a good solution.  

Response from technical support has been very good. I would say that they are excellent because they are always willing to attend to customers' requests. They provide support based on time zones so there is good access.  

Because it is a cloud product and the setup is minimal, it is straightforward and quickly implemented.  

I do have experience with Imperva SecureSphere. I am working with various solutions that have various features and how these solutions work for different customers. For one customer, I was trying to do some research to see if they should replace Trustwave WAF with a different solution because the customer asked me about other possibilities. This was my first customer who had asked me to look into Trustwave, so I also took the time to research that product. But different products fit different businesses and industries better.  

I am not an expert in every solution of this type, but I have a pretty good idea of what makes them work as a good solution based on customer needs. I do not do the implementation because I am more in a position of doing pre-sales and consultancy.  

I would highly recommend Imperva Incapsula especially for customers who want extra security for their web presence.  

On a scale from one to ten where one is the worst and ten is the best, I would rate the Incapsula product overall as a nine-out-of-ten.  

Primarily, clients are in need of some extra defense and a bit of protection, which is why they use this solution.

The most important aspect of the solution is the DDoS feature.

The solution has a very good interface.

Last year, the solution added a lot of additional improvements and functionalities, and for now, the features they have offered us have been great. 

They recently added some account takeover protections that have been really useful.

The rules surrounding the making of web applications could be improved.

I believe I've been using the solution for about four years.

There aren't issues with stability. As a cloud solution, it's hard to say if there will be stability issues. There might be issues with some customer setups, for example, but not with the product itself.

The scalability of the solution is okay. Companies can expand it if they need to.

We've been in touch with technical support in the past. Out of ten, I'd rate them at six or seven. We've had some issues with them in terms of response times, but overall they are okay.

We didn't previously work with a different solution. We've partnered with Imperva so we're dealing only with them.

Typically, the initial setup is more or less straightforward. there isn't too much complexity.

We're resellers of the solution.

Typically the solution is deployed with the help of DNS.

It's a good product. It's one of the best on the market. If a company can afford the solution, they should try it out.

I'd rate the solution eight out of ten.

For some time now, I have been the CTO of a consulting company and our main issue is web application security. We also handle database security.

This is one of the solutions that we implement for our clients.

The primary use of this solution is the protection of applications.

This product has a logical perspective of negative and positive security. Negative meaning all of the blacklisted websites, and the positive is the profiling of the website itself. Impera can see and activate the policy, based on what it has learned. Imperva learns things like how dynamic content is dealt with, and what the permitted values are. When you combine these two perspectives, the negative and the positive, you get the optimal protection of the application.

When you want to move to a higher version of the platform, it is not in the GUI and not very easy to do. I expect that this will be available in the next version.

I think that better bot protection is needed in this solution. Bot protection is one of the features in Imperva that lets you recognize if their request is coming from a human or coming from a bot. In this context, a bot is a mechanism being used by the attacker. Good bot protection will reduce a lot of the attacks coming into the applications.

This solution is pretty stable.

If you build this solution properly then you have scalability.

We do not use technical support very often. It is only in cases where we get something that looks like a bug. Their team is good.

The initial setup of this solution is user-friendly and pretty straightforward.

However, the setup, in order to bring the application into inspection, is kind of complex. You need to know what you're doing. It takes approximately four hours to install, setup, and configure this platform.

My team and I handle the integration of this solution for our clients.

The number of people required depends on the environment. Sometimes it is one person, whereas other times there are two.

We have three people who take care of maintaining this solution for our customers.

The cost of this solution depends on the platform. For example, you may be buying virtual or you may be buying appliances. It also depends on the number of environments and the bandwidth that is required.

Compared to other web application firewalls in the market, Imperva does things in the most accurate way.

Overall, Imperva is a pretty good product.

I am working with the development team for Imperva in Israel, and I have submitted some feature requests for things that I think should be changed. Everything that should be fixed, we have a discussion on it and it is probable that these things will be fixed.

My advice to anybody who is implementing this solution is to first go and learn the attack surfaces because you need to protect the assets from attack. In order to do this, you need to understand the attacks. Let's say that a good defense is a good offense.

The biggest lesson that I have learned from working with this solution is to back up the system all of the time. Do it step by step, and be very precise. Have plans for each and every move, all of the time.

I would rate this solution a nine out of ten.

The dynamic profiling of websites is the solution's most valuable feature. The security is also good.

It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself.

The solution is scalable, however, in terms of scalability, you're required to change the appliance, as it's not like a cloud, which is easier to scale. I would not rate it very well when it comes to scalability, because a model of license-based upgrades would be better. They could give you a bigger box to make it easier to grow if you needed to.

The solution's technical support is good.

The initial setup is straightforward. However, when you move to more advanced configurations, you require more expertise.

We are an integration company, so we are providing this as a solution to other customers. They're mostly enterprise-level clients.

I would recommend the solution. I'd rate it eight out of ten.